<head><title>Please wait ...</title>
<script type="text/javascript">
<!--
function fail(message){
	alert(message);
	self.location.href="/php/main.php";
}
//-->
</script>
<?php
$con=mysql_connect("localhost","William");

if (!$con){
	die("MySQL Error " . mysql_error());
}
mysql_select_db("osa", $con);
$success=false;
$UID=$_REQUEST["UID"];
if(!isset($UID)){ ?><body onLoad='alert("Invalid request source");self.history.go(-1);' /> <?php die(); }
$query=mysql_query("SELECT * FROM user WHERE UID=$UID",$con);
if(!$query) die("MySQL Error " . mysql_error());
$row=mysql_fetch_array($query);
$nick=$_REQUEST["nick"];
$newpwd=$_REQUEST["newpwd"];
if(strlen($nick)==0) $nick="OSAer";
if(!$row) die("Internal Error: User #$UID not found");
else if($row["password"]!=$_REQUEST["pwd"]){ ?>
<body onLoad='fail("Incorrect password!");' /> <?php }
else{
	$query=mysql_query("UPDATE user SET nickname='$nick' WHERE UID=$UID");
	if(!$query) die("MySQL Error " . mysql_error());
	if(strlen($newpwd)>0){
		$query=mysql_query("UPDATE user SET password='$newpwd' WHERE UID=$UID");
		if(!$query) die("MySQL Error " . mysql_error());
	}
	$success=true;
}
if($success) echo "<meta http-equiv='Refresh' content='5;url=/php/main.php'></head>
<body>Update user information success.<br />
You will be redirected to the main page in 5 seconds ...
Click <a href='/php/main.php'>here</a> to go to the main page immediately.</body>";
mysql_close($con);
?>	
